Willem, I think you should open a bug report <https://github.com/influxdata/influxdb/issues/new> on the repo. I'm not familiar enough with the implementation to know if you have a misconfiguration.
On Fri, Nov 18, 2016 at 10:34 AM, Willem D'Haese <[email protected]> wrote: > Sean, > > Version 1.1.1. > > I'm unable to start the influxdb service when using the letsencrypt > certificates. > > [admin] > enabled = true > bind-address = ":8083" > https-enabled = true > https-certificate = "/etc/letsencrypt/live/m01. > outsideit.net/fullchain.pem" > https-private-key = "/etc/letsencrypt/live/m01.outsideit.net/privkey.pem > " > > [http] > enabled = true > bind-address = ":8086" > auth-enabled = true > log-enabled = true > write-tracing = false > pprof-enabled = false > https-enabled = true > https-certificate = "/etc/letsencrypt/live/m01. > outsideit.net/fullchain.pem" > https-private-key = "/etc/letsencrypt/live/m01.outsideit.net/privkey.pem > " > > > Results in: > > run: open server: open service: tls: failed to find PEM block with type >> ending in "PRIVATE KEY" in key input after skipping PEM blocks of the >> following types: [CERTIFICATE CERTIFICATE] > > > > sudo ls -la /etc/letsencrypt/live/m01.outsideit.net > total 8 > drwxr-xr-x 2 root root 4096 Nov 18 17:17 . > drwxr-xr-x 3 root root 4096 Nov 18 17:17 .. > lrwxrwxrwx 1 root root 41 Nov 18 17:17 cert.pem -> ../../archive/ > m01.outsideit.net/cert1.pem > lrwxrwxrwx 1 root root 42 Nov 18 17:17 chain.pem -> ../../archive/ > m01.outsideit.net/chain1.pem > lrwxrwxrwx 1 root root 46 Nov 18 17:17 fullchain.pem -> ../../archive/ > m01.outsideit.net/fullchain1.pem > lrwxrwxrwx 1 root root 44 Nov 18 17:17 privkey.pem -> ../../archive/ > m01.outsideit.net/privkey1.pem > > In Apache it works fine like this. > > <VirtualHost *:443> > SSLEngine on > SSLCertificateKeyFile /etc/letsencrypt/live/m01. > outsideit.net/privkey.pem > SSLCertificateFile /etc/letsencrypt/live/m01.outsideit.net/cert.pem > SSLCertificateChainFile /etc/letsencrypt/live/m01. > outsideit.net/chain.pem > > You happen to see what I'm doing wrong? > > I can make it work by adding the privkey.pem to the fullchain.pem, but > this should work natively like Apache no? > > Grtz > > Willem > > -- > Remember to include the version number! > --- > You received this message because you are subscribed to the Google Groups > "InfluxData" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/influxdb. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/influxdb/13d8b4f1-ca25-4ca6-a4b3-ba9a82987bd2%40googlegroups.com > <https://groups.google.com/d/msgid/influxdb/13d8b4f1-ca25-4ca6-a4b3-ba9a82987bd2%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- Sean Beckett Director of Support and Professional Services InfluxDB -- Remember to include the version number! --- You received this message because you are subscribed to the Google Groups "InfluxData" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/influxdb. To view this discussion on the web visit https://groups.google.com/d/msgid/influxdb/CALGqCvPwAO8v%3DEZcOgOg3Qen-n%3D1xUJEjgZzTS304N1rGpCgfA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
